Sponsored Content
This content is made possible by our sponsor; it is not written by and does not necessarily reflect the views of Bloomberg LP's editorial staff. See our Advertising Guidelines to learn more.
Brought to you by Business Reporter

Why Ethical Hackers Are Transitioning to Full-Time Bug Bounty Careers

Intigriti is a Business Reporter client.

Intigriti’s second annual Ethical Hacker Insights Report surveys the views of 1,700 ethical hackers on cybersecurity career preferences and more.

It’s a difficult moment to be an HR leader. If you were to ask your average person 10 years ago to define a “hacker,” their answer would likely refer to something criminal. But the world is finally waking up to the fact that not all hacking activity is malicious—and ethical hackers are actively fighting against the assumption. Today, millions of professionals are operating in a thriving ethical hacking industry.

What is an ethical hacker?

Like malicious hackers, ethical hackers have an extensive knowledge of systems, codes and programming. They’re also driven by the same overriding goal: to break through a target’s defense systems. However, as the name suggests, ethical hackers operate within the law and with good intentions and disclose vulnerabilities to the relevant parties. 

A bug bounty program is a secure way for businesses to invite crowdsourced ethical hackers to test the security of their systems, products and platforms. If a hacker finds an unknown and unique vulnerability, the company will receive a confidential report outlining what needs fixing. 

According to Intigriti’s survey of more than 1,700 ethical hackers, bug bounty hunting is becoming one of the most desirable career paths for cybersecurity talent today. The survey reveals that 96% of ethical hackers would like to dedicate more time to bug bounty hunting in the future, and 66% are considering it as a full-time career.

What is driving the increasing popularity of bug bounty hunting?

Responses to the pandemic, such as remote and hybrid working, opened up more time for people to pick up hobbies or tackle the tasks they never had time for. In the case of many cybersecurity professionals, that hobby was ethical hacking. 

According to Intigriti’s survey, the most significant appeal of full-time bug bounty hunting is the money, with 48% declaring it their top attraction. The average base salary for a penetration tester in the UK is £38,624 ($46,456) per annum, according to PayScale. The desire to be one’s own boss and ability to work one’s own hours closely follow, with 45% of respondents choosing both points as appealing aspects. 

The educational benefits of bug bounty hunting are another key driver of this trend. The survey results indicate that this generation of tech talent isn’t getting what they need from employers to keep their skills and knowledge up to date, despite rising cybersecurity threats. Regarding information security, for example, 50% of respondents said they turn to bug bounty hunting to learn the most relevant and valuable knowledge; just 11% of respondents said that their jobs were the best avenue to learn.

Should businesses care about the ethical hacking trend?

Cybersecurity skill shortages and the ongoing competition for talent mean that organizations must pay attention to this trend. It’s the responsibility of security teams to protect their organizations’ networks, information, systems and assets and manage defenses against potential cyber threats. It’s no secret that this is an arduous task, as threats are constantly evolving and becoming increasingly sophisticated. 

Ethical hacking communities are often the first to discover security threats. For example, since May 2021, 64% of Intigriti’s ethical hackers have encountered a vulnerability they’ve never seen before. Of this group, 33% don’t believe the vulnerability they found had the potential to be picked up through traditional security methods, such as penetration tests. This is likely one reason why 90% of respondents agreed that “a penetration test cannot provide continuous assurance that an organization is secure year-round.”

An organization’s security posture changes with each new release or update, and it’s not only logical but critical to implement rigorous security testing. As attackers shift tactics, cyber defenses must, too—and the only way to test their effectiveness is to apply continuous pressure against them. 

Get more insights and statistics by downloading Intigriti’s second annual Ethical Hacker Insights Report today.

— Inti De Ceukelaire, Head of Hackers at Intigriti, is an established bug bounty hunter based in Belgium. He was one of the first members of Intigriti’s bug bounty platform, HackerOne, and has been recognized by various social media companies and the US Department of Defense. In 2018, he won the “Most Valuable Hacker” award at HackerOne’s five-day hacking competition in Las Vegas, and he has been featured in international media as a subject matter expert and for his cybersecurity awareness stunts.

This article originally appeared in Business Reporter.
